|
|
|
|
|
|
by gnur
4665 days ago
|
|
|
Not really a "pwn" (I hate that word), it is nearly impossible for any website to create encrypted data which it cannot retrieve themselves with some client side code.
If you would do gpg/pgp in pure javascript someone could alter the javascript to send back the private key.
Same thing with any client side software that can update itself without permission.
Sure, when you first access it it could be secure, but the second time, when the code-provider is compromised you have instantly lost your "private" keys. |
|
|